CrowdStrike Falcon

Surface Falcon detections and incidents in ComplianceScout. The connector test verifies credentials; alert ingestion is in an upcoming release.

Source connector — pulls identity and access data from CrowdStrike Falcon into ComplianceScout where it is scored against your compliance frameworks and violation rules.

What ComplianceScout collects

After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.

  • CrowdStrike Falcon user accounts and role assignments
  • Detection alerts with severity, tactic, technique, and affected host
  • Incident summaries with assigned analyst and status
  • Host inventory with sensor version and containment status

Required credentials

These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.

| Field | Type | Required | Notes |
|---|---|---|---|
| Client ID | Text | Required | |
| Client secret | Secret | Required | |
| Base URL | URL | Required | Region-specific Falcon API URL, e.g. https://api.crowdstrike.com (us-1). |

How to set up this connector

Follow these steps to gather the credentials above and connect CrowdStrike Falcon to ComplianceScout.

  1. Log in to the Falcon console and navigate to Support & Resources → API clients and keys → Create API client.

  2. Name the client "ComplianceScout" and enable Read access for: Detections, Incidents, Hosts, Users.

  3. Copy the Client ID and Client Secret shown after creation — the secret is displayed only once.

  4. Find your base URL from the Falcon console URL (e.g. https://api.crowdstrike.com for US-1).

  5. In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → CrowdStrike and enter the credentials.
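
A pre-flight check for the values gathered in steps 3 and 4, as an added example that is not ComplianceScout or CrowdStrike code: the client secret is POSTed to whatever base URL is entered, so the script accepts only a bare https Falcon API origin before building the OAuth2 token request. The function names are hypothetical; the host list beyond us-1 and the `/oauth2/token` path come from CrowdStrike's public API, not from this page.

```python
import json
import urllib.parse
import urllib.request

# Falcon cloud API hosts. us-1 is the one named on this page; the others are
# CrowdStrike's other public clouds (assumption: your tenant is on one of these).
FALCON_API_HOSTS = {
    "api.crowdstrike.com": "us-1",
    "api.us-2.crowdstrike.com": "us-2",
    "api.eu-1.crowdstrike.com": "eu-1",
    "api.laggar.gcw.crowdstrike.com": "us-gov-1",
}


def check_base_url(base_url):
    """Return the cloud name for a valid Falcon base URL, else raise ValueError."""
    u = urllib.parse.urlsplit(base_url.strip())
    if u.scheme != "https":
        raise ValueError("base URL must use https")
    if u.username or u.password or u.port not in (None, 443):
        raise ValueError("base URL must not carry credentials or a custom port")
    if u.path not in ("", "/") or u.query or u.fragment:
        raise ValueError("base URL must be the bare API origin")
    host = (u.hostname or "").lower()
    if host not in FALCON_API_HOSTS:
        raise ValueError(f"{host!r} is not a known Falcon API host")
    return FALCON_API_HOSTS[host]


def build_token_request(base_url, client_id, client_secret):
    """Build (not send) the OAuth2 client-credentials request for /oauth2/token."""
    check_base_url(base_url)  # refuse to hand the secret to an unexpected host
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        base_url.strip().rstrip("/") + "/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def verify_credentials(base_url, client_id, client_secret, timeout=10):
    """Send the token request (network call); True if an access token is issued."""
    req = build_token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:  # HTTPError on 4xx
        return "access_token" in json.load(resp)
```
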
